After a short break (only my perception?), spam has been coming back in the news recently... The Truth Laid Bear requests "Spam Be Gone", BBC ran a marketing-hyped piece on how Spam poses a thread to privacy, and Wired reported a new form of spam using Windows Messenger. (The latter one is a nasty one, I have to say, although I've not seen any myself (yet)).
Spam is a problem. A big one. No news there.
The only 100% guaranteed way of avoiding spam is not to have an email account, to disconnect your PC from the 'net, turn off your mobile phone etc. Briefly summarized: Forget it.
Second best is to not publish your email address anywhere, alternatively having multiple email addresses or a setup allowing you to customize your address any time you register the address on a website. The non-distribution tactic has worked for my professional mail address. 2.5 years in this job and not a single spam. Only way you've been getting my mail address is printed on my business card or if I've emailed you from here (not likely unless you're a business partner, family or we're close friends).
But what with the rest, you ask? How can I communicate with "the world" without the massive problem of spam?
For both "backwards compatibility" and to have a secure, personal mailaddress, I've kept my old university account(s) alive. (Thanks, Lars). On these account(s) I run SpamAssassin on all incoming mail before it sees my inbox. Like this, I can sort inbound mail in different, pre-filtered boxes: spam (I check this maybe weekly to look for false positives, but if you email me something that qualifies for the spam-box, don't expect a reply. ever. because probably it will go unread), mailinglists (read when I can be bothered ;-) and inbox (usually only personal mail arrives here, and I do reply...)
SpamAssassin works with a sophisticated scoring system - giving points for known spam-phrases, erroneous headers (many spammers have bad dates, fake "Received:"-headers in messages and more.) They also integrate with a spam-prevention system called Razor:
"a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database--at which point everyone else will automatically block it. "Of course, SpamAssassin is running a continuous fight with professional UCE-mailers (Unsolicited Commercial Emails) who can adapt their messages to skim just below the scoring threshold of SA, but in general, it does the trick, and most Nigerian breast-enlarging all herbal inkjet cartridge refill life extending pill scam-ads (seen on TV !!) I get hits the thrashcan by default . . .
Spam Assassin catches approx 99 percent of all my spam in its current version. Of course, I assume I'll need to continue upgrading every n months to stay ahead of spammers, but it does an extremely good job overall. From the sheer number of messages getting caught compared to the ones getting through, it seems more like luck and less like intelligence from the spammers' side for the messages that reach my inbox.
Marketing hype for SpamAssassin? Rather real experiences. Compared to BBC's commercial piece on Mirapoint which mentions that the software uses some 25 checks to score spam, SpamAssassin uses hundreds of tests and has a quietly smiling crowd of followers with clean inboxes...
I'm happy to say that spam isn't usually too much of a problem for me. I get about half a dozen messages per day on my main sunpig address. That's a manageable volume. Most spam is ve..."
Anders Jacobsen |
[weblog / photography]